CVE-2010-5091
Published Aug 26, 2012
Last updated 12 years ago
Overview
- Description
- The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988"
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7"
}
],
"operator": "OR"
}
]
}
]